cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rohit Yadav <rohit.ya...@shapeblue.com>
Subject Re: [SHOW] Authentication refactoring
Date Thu, 14 Aug 2014 16:56:44 GMT
Hi Min,

On 14-Aug-2014, at 6:54 pm, Min Chen <min.chen@citrix.com> wrote:

> Hi Rohit,
>
> Any reason why you didn't implement response class for login and logout
> like any other API cmd? I think that will be useful as mentioned in your
> FS.

Checkout LoginResponse and LogoutResponse :) also read the annotation in @APICommand which
links to them on master.
That’s how the apidoc gets the response docs.

Cheers.

>
> Thanks
> -min
>
> On 8/12/14 2:10 AM, "Rohit Yadav" <rohit.yadav@shapeblue.com> wrote:
>
>> This was done:
>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Authentication+Refa
>> ctoring
>>
>> This is the branch:
>> https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs
>> /heads/auth-refactor
>>
>> Updates:
>> - Every auth mechanism now implements as a APICommand but these are
>> special APIs are not allowed to execute, i.e. the execute() method
>> returns with an error
>> - Existing tests were fixed
>> - We no longer need to hardcode login/logout for doc generation etc.
>> - Api discovery now has login/logout docs etc as well
>> - Since these APIs are tightly coupled with cloud-server artifact, except
>> for responses all the interface definitions etc are within cloud-server
>> - This allows for implementation of other login mechanisms such as saml,
>> oauth, something-custom etc. though implementing it as a plugin is still
>> tricky now
>>
>> I¹ve tested UI and cloudmonkey on port 8080 and 8096, with apikey/secret
>> keys but would welcome help around this area from anyone. I¹ll merge the
>> branch later this week if no one objects.
>>
>> Cheers.
>>
>> On 12-Aug-2014, at 5:50 am, Rohit Yadav <rohit.yadav@shapeblue.com> wrote:
>>
>>> Hi,
>>>
>>> The way we handle login and logout is hardcoded and since there is no
>>> APICommand/BaseCmd implementation the apidoc, apidiscovery and other
>>> don¹t discover these apis. For supporting SAML as an authentication
>>> mechanism, I¹ve refactored the Auth mechanism as a pluggable service
>>> that loads with api-server artifact and both login and logout are now
>>> implemented as a pseduo BaseCmd classes.
>>>
>>> I call them pseudo because their execute() is never called, the
>>> authentication guards in ApiServlet class make sure we call an
>>> authenticate method of such classes. Since, they are tightly coupled
>>> with cloud-server¹s ApiServlet it only made sense to have the interface
>>> definition and implementation within the same package/artifact as well.
>>> This also solves the apidoc issue for login/logout and saml related auth
>>> apis.
>>>
>>> I¹ll merge them after sometime and continue working on saml stuff. Will
>>> push the code in the branch ³auth-refactor² in an hour for
>>> review/testing now. This does not break anything and should not cause
>>> any auth related issues for all existing clients.
>>>
>>> Any suggestions, feedback welcome! Refactoring was pretty straight
>>> forward but I¹ll make sure to write a wiki page on this before merging
>>> to master.
>>>
>>> Regards,
>>> Rohit Yadav
>>> Software Architect, ShapeBlue
>>> M. +41 779015219 | rohit.yadav@shapeblue.com
>>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>>
>>>
>>>
>>> Find out more about ShapeBlue and our range of CloudStack related
>>> services
>>>
>>> IaaS Cloud Design &
>>> Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>>> CSForge ­ rapid IaaS deployment framework<http://shapeblue.com/csforge/>
>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>>> CloudStack Infrastructure
>>> Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>>> CloudStack Bootcamp Training
>>> Courses<http://shapeblue.com/cloudstack-training/>
>>>
>>> This email and any attachments to it may be confidential and are
>>> intended solely for the use of the individual to whom it is addressed.
>>> Any views or opinions expressed are solely those of the author and do
>>> not necessarily represent those of Shape Blue Ltd or related companies.
>>> If you are not the intended recipient of this email, you must neither
>>> take any action based upon its contents, nor copy or show it to anyone.
>>> Please contact the sender if you believe you have received this email in
>>> error. Shape Blue Ltd is a company incorporated in England & Wales.
>>> ShapeBlue Services India LLP is a company incorporated in India and is
>>> operated under license from Shape Blue Ltd. Shape Blue Brasil
>>> Consultoria Ltda is a company incorporated in Brasil and is operated
>>> under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company
>>> registered by The Republic of South Africa and is traded under license
>>> from Shape Blue Ltd. ShapeBlue is a registered trademark.
>>
>> Regards,
>> Rohit Yadav
>> Software Architect, ShapeBlue
>> M. +41 779015219 | rohit.yadav@shapeblue.com
>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>
>>
>>
>> Find out more about ShapeBlue and our range of CloudStack related services
>>
>> IaaS Cloud Design &
>> Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>> CSForge ­ rapid IaaS deployment framework<http://shapeblue.com/csforge/>
>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>> CloudStack Infrastructure
>> Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>> CloudStack Bootcamp Training
>> Courses<http://shapeblue.com/cloudstack-training/>
>>
>> This email and any attachments to it may be confidential and are intended
>> solely for the use of the individual to whom it is addressed. Any views
>> or opinions expressed are solely those of the author and do not
>> necessarily represent those of Shape Blue Ltd or related companies. If
>> you are not the intended recipient of this email, you must neither take
>> any action based upon its contents, nor copy or show it to anyone. Please
>> contact the sender if you believe you have received this email in error.
>> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue
>> Services India LLP is a company incorporated in India and is operated
>> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is
>> a company incorporated in Brasil and is operated under license from Shape
>> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of
>> South Africa and is traded under license from Shape Blue Ltd. ShapeBlue
>> is a registered trademark.

Regards,
Rohit Yadav
Software Architect, ShapeBlue
M. +41 779015219 | rohit.yadav@shapeblue.com
Blog: bhaisaab.org | Twitter: @_bhaisaab



Find out more about ShapeBlue and our range of CloudStack related services

IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>

This email and any attachments to it may be confidential and are intended solely for the use
of the individual to whom it is addressed. Any views or opinions expressed are solely those
of the author and do not necessarily represent those of Shape Blue Ltd or related companies.
If you are not the intended recipient of this email, you must neither take any action based
upon its contents, nor copy or show it to anyone. Please contact the sender if you believe
you have received this email in error. Shape Blue Ltd is a company incorporated in England
& Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated
under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated
in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company
registered by The Republic of South Africa and is traded under license from Shape Blue Ltd.
ShapeBlue is a registered trademark.
Mime
View raw message